WO2011156274A2 - Procédés, systèmes et supports lisibles par ordinateur de masquage d'informations de nœuds diameter dans un réseau de communications - Google Patents
Procédés, systèmes et supports lisibles par ordinateur de masquage d'informations de nœuds diameter dans un réseau de communications Download PDFInfo
- Publication number
- WO2011156274A2 WO2011156274A2 PCT/US2011/039285 US2011039285W WO2011156274A2 WO 2011156274 A2 WO2011156274 A2 WO 2011156274A2 US 2011039285 W US2011039285 W US 2011039285W WO 2011156274 A2 WO2011156274 A2 WO 2011156274A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- diameter
- message
- node
- agent
- information
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/283—Processing of data at an internetworking point of a home automation network
- H04L12/2834—Switching of information between an external network and a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
Definitions
- the subject matter described herein relates to methods and systems for communications in a DIAMETER network. More particularly, the subject matter described herein relates to methods, systems, and computer readable media for obscuring DIAMETER node information in a communication network.
- messages and communications between nodes in the network include information identifying the name and location of each node in the network. For example, when a request message is sent to a realm or domain in the network and is routed to the appropriate server, the request message and server's response each include information identifying the client and server, respectively, to each other.
- DIAMETER messages exist in the format of request-answer messages. All answer messages travel back to the request source via the same path through which the request message was routed using hop-by-hop transport.
- the first DIAMETER node sends a request identifying itself and its realm or domain, as well as identifying the realm or domain of the DIAMETER node from which the first DIAMETER node needs information.
- the DIAMETER answer message sent back from the DIAMETER node that receives the request will include information identifying the receiving DIAMETER node and its realm or domain.
- DIAMETER node information There are disadvantages associated with providing a requesting node with DIAMETER node identification and location information. This type of information is generically referred to herein as DIAMETER node information. Providing DIAMETER node information to untrusted parties could pose a security risk. By providing an outside node with a DIAMETER node's address, the providing DIAMETER node becomes more susceptible to attacks. Also, it might be desirable for a service provider to withhold information about its network topology, such as the number of home subscriber servers (HSSs) in the network, from its competitors, as an example.
- HSSs home subscriber servers
- DIAMETER messages there exists a need for methods, systems, and computer readable media for obscuring DIAMETER node information in a communications network.
- the subject matter described herein includes a system for obscuring DIAMETER node information in a communication network.
- the system includes a DIAMETER agent platform.
- the DIAMETER agent platform includes a network interface for receiving a message from a first DIAMETER node.
- the DIAMETER agent platform further includes a DIAMETER information hiding module for modifying, in the first message, DIAMETER information for the first DIAMETER node so as to obscure the identity of the first diameter node.
- the diameter agent includes a routing module for routing the modified message to a second DIAMETER node.
- the subject matter described herein includes a method for obscuring DIAMETER node information in a communication network.
- the method includes receiving, at a DIAMETER agent platform, a message from a first DIAMETER node.
- the method further includes modifying DIAMETER information in the message received from the first DIAMETER node so as to obscure the identity of the first DIAMETER node.
- the method further includes routing the modified message to a second DIAMETER node.
- the subject matter described herein for obscuring DIAMETER node information in a communication network may be implemented in hardware, a combination of hardware and software, firmware, or any combination of hardware, software, and firmware.
- the terms “function” or “module” as used herein refer to hardware, a combination of hardware and software, firmware, or any combination of hardware, software, and firmware for implementing the features described herein.
- the subject matter described herein may be implemented using a computer readable medium having stored thereon computer executable instructions that when executed by the processor of a computer control the computer to perform steps.
- Exemplary computer readable media suitable for implementing the subject matter described herein include non- transitory devices, such as disk memory devices, chip memory devices, programmable logic devices, and application specific integrated circuits.
- a computer readable medium that implements the subject matter described herein may be located on a single device or computing platform or may be distributed across multiple devices or computing platforms.
- FIG. 1 is a block diagram illustrating an exemplary LTE network including the present invention according to an embodiment of the subject matter described herein;
- Figure 2 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through a DIAMETER agent according to an embodiment of the subject matter described herein;
- Figure 3 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through a DIAMETER agent according to an embodiment of the subject matter described herein;
- Figure 4 is a signaling message flow diagram illustrating exemplary messages communicated between an HSS and an MME through a DIAMETER agent according to an embodiment of the subject matter described herein;
- Figure 5 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through two DIAMETER agents according to an embodiment of the subject matter described herein;
- FIG. 6 is a block diagram illustrating an exemplary DIAMETER agent according to an embodiment of the subject matter described herein;
- Figure 7 is a flow chart illustrating an exemplary process for obscuring the identity of a DIAMETER node in a communication network according to an embodiment of the subject matter described herein;
- Figure 8A is a table containing exemplary stateful topology hiding data according to an embodiment of the subject matter described herein;
- Figure 8B is a table containing exemplary stateless topology hiding data according to an embodiment of the subject matter described herein.
- FIG. 1 is a block diagram illustrating an exemplary LTE network including a DIAMETER agent according to an embodiment of the subject matter described herein.
- end user devices 100 e.g., mobile handsets
- eNodeB 102A which performs radio access functions similar to a base transceiver station (BTS).
- BTS base transceiver station
- a mobility management entity (MME) 104 performs authentication and tracking of end user devices 100.
- MME 104 is connected to DIAMETER agent 106, which includes a DIAMETER information hiding module (DHM) 108 for implementing a diameter information hiding function.
- DIAMETER agent 106 which includes a DIAMETER information hiding module (DHM) 108 for implementing a diameter information hiding function.
- DDM DIAMETER information hiding module
- DIAMETER information hiding module 108 strips DIAMETER identification information from received messages so that the secrecy of DIAMETER topology and node identification information is preserved.
- DIAMETER agent 106 is further connected to network nodes, such as home subscriber server (HSS) 110 and policy and charging rules function (PCRF) 112.
- HSS 110 stores mobile subscription data.
- PCRF 112 provides policy and charging control functions.
- DIAMETER agent 106 may additionally be connected to other network nodes, such as online and offline charging systems, to provide additional functions and services to network subscribers.
- FIG. 2 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through a DIAMETER agent according to an embodiment of the subject matter described herein.
- MME 104 on Sprint's network needs information from HSS 110 on Verizon's network, for a Verizon customer who is roaming on Sprint's network.
- Sprint's MME 104 does not know the specific host information for Verizon's HSS 110, just that the subscriber who is roaming is a Verizon customer.
- ULR DIAMETER UpdateLocation Request
- the ULR message may also include the subscriber's International Mobile Subscriber Identity (IMSI) and an application ID.
- IMSI International Mobile Subscriber Identity
- the ULR message is received by Verizon's DIAMETER agent 106, which includes DIAMETER information hiding module 108.
- DIAMETER agent 106 evaluates the message, determines which Verizon HSS 110 serves this subscriber, and, in step (2), routes the message to the appropriate Verizon HSS 110.
- DIAMETER agent 106 may maintain state information about the message, as will be described in greater detail below, regarding Figure 8A.
- HSS 110 retrieves the requested subscriber information and in step (3) sends a DIAMETER UpdateLocation Answer (ULA) message, directed to MME 104, back to DIAMETER agent 106, following a hop-by-hop transport protocol.
- DIAMETER agent 106 may maintain information regarding the virtual host identity used for this message from HSS 110, as is discussed in greater detail below, regarding Figure 8B.
- DIAMETER agent 106 sends the modified ULA message to MME 104.
- DIAMETER agent 106 may use a single virtual identity for all the network elements it is protecting, e.g. "HSS-Public" as the virtual host identity for all HSSs in the network, or assign a virtual host identity to smaller groups of network nodes.
- DIAMETER agent 106 may use a different virtual host for each host node in its network, for example, if the goal was simply to mask the identities of network nodes but not to hide the number of network elements currently deployed.
- DIAMETER agent 106 may associate multiple virtual host names with a single host node, to further obscure the network's topology by making it appear as though there are more network nodes than the network actually has. DIAMETER agent 106 may also change the virtual host name for any or all network nodes periodically, such as once per day, for example, or at non-regular intervals, for example, in response to some event.
- HSS1 such that any subsequent messages involving the subscriber are properly routed to the same host each time. Additional answer messages sent from HSS 110 in response will also be routed through DIAMETER agent 106, where again any DIAMETER identifying information would be modified to hide the identity of the node from which the answer originates.
- FIG. 3 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through a DIAMETER agent according to an embodiment of the subject matter described herein.
- Sprint's objective is to mask the identity of a DIAMETER host serving a subscriber, or to conceal the number of network elements currently deployed, in order to obscure its network topology, much like Verizon, as discussed above.
- Sprint wants to hide the identities of its MMEs and keep Verizon from knowing how many MMEs Sprint has deployed.
- MME 104A on Sprint's network needs information from HSS 110 on Verizon's network, for a Verizon customer who is roaming on Sprint's network.
- the ULR message may also include the subscriber's International Mobile Subscriber Identity (IMSI) and an application ID.
- IMSI International Mobile Subscriber Identity
- DIAMETER agent 106 effectively conceals the topology of Sprint's network, making it appear to outside network nodes as though Sprint only has a single deployed MME.
- DIAMETER agent 106 maintains state information . regarding the virtual host identity used for this message. DIAMETER agent 106 may store this information in a database or table such as mapping table 300. Mapping table 300 identifies the actual MME serving the subscriber, i.e. associates MME 104A with "IMSI1". Stateful and stateless implementations of the subject matter disclosed herein are discussed in greater detail below, regarding Figure 8B.
- DIAMETER agent 106 sends the modified ULR message to Verizon's realm, where it is then routed to HSS 110.
- HSS 110 would then retrieve the requested information regarding the subscriber whose IMSI was identified in the ULR message, formulate a ULA message including the retrieved information, and send the ULA back to MME 104A via hop-by-hop transport protocol (not shown).
- Figure 4 is a signaling message flow diagram illustrating exemplary messages communicated between an HSS and an MME through a DIAMETER agent according to an embodiment of the subject matter described herein.
- the example illustrated in Figure 4 may be considered an extension of the example illustrated in Figure 3, where the messages of Figure 4 subsequently follow the messages illustrated in Figure 3 and some later time within the same session or series of messages involving the subscriber identified by IMSI1.
- the messages of Figure 4 are not responses to the messages in Figure 3, but rather a distinct, independent set of DIAMETER Requests and Answers.
- FIG. 4 illustrates exemplary request messages originated by HSS 110, such as a DIAMETER CancelLocation Request (CLR).
- CLR DIAMETER CancelLocation Request
- HSS 110 is only aware of the identity of Sprint's virtual host, "MME-Public”.
- HSS 110 creates a CLR message including DIAMETER identifying information for the message source, i.e.
- HSS 110 then routes this CLR message to Sprint's network, where it is intercepted and processed by DIAMETER agent 106.
- DIAMETER agent 106 evaluates the message and may access stored mapping or state information to determine which MME is serving the identified subscriber.
- CLA DIAMETER CancelLocation Answer
- FIG. 5 is a signaling message flow diagram illustrating exemplary messages communicated between an MME and an HSS through multiple DIAMETER agents according to an embodiment of the subject matter described herein.
- both Verizon and Sprint intend to hide their respective network topologies from the other party.
- MME 104 in Sprint's network needs information from HSS 110 in Verizon's network for a Verizon customer who is roaming in Sprint's network.
- Sprint's MME 104 does not know the specific host information for Verizon's HSS 110, just that the person roaming is a Verizon customer.
- the ULR message may also include the subscriber's IMSI.
- DIAMETER agent 106A including DIAMETER information hiding module 108 and belonging to Sprint, intercepts this ULR message.
- DIAMETER agent 106A routes the ULR message to Verizon's domain.
- DIAMETER agent 106A may also store state information about the message prior to sending the message to Verizon, such as information identifying MME 104 as the MME currently serving the subscriber associated with "IMSI1".
- the ULR message is received by Verizon's DIAMETER agent 106B, including topology hiding module 108.
- DIAMETER agent 106B evaluates the message and, at step (3), routes the message to the appropriate Verizon HSS 110. DIAMETER agent 106B may also maintain state information about the message.
- HSS 110 retrieves the desired information and at step (4) generates and sends a ULA message, directed to MME 104, back to DIAMETER agent 106B, following hop-by-hop transport protocol.
- DIAMETER agent 106A receives the ULA message and may use stored state information to determine which node on its network this ULA is actually addressed to, i.e., MME 104.
- DIAMETER agent 106B may store a transaction identifier from the outgoing ULR message and may use that transaction identifier to locate the corresponding response message.
- DIAMETER agent 106B and in particular, DIAMETER information hiding module 108 may be stateless with regard to the transaction involving the received message from which topology information is extracted or hidden.
- the DIAMETER information hiding module 108 may maintain a mapping between the virtual identifier placed in the ULA message and the DIAMETER topology information that was removed or obscured.
- This mapping may also include the subscriber's IMSI.
- topology hiding module may use the stored mapping information when replacing the virtual identifier with the real DIAMETER identifier for the destination.
- DIAMETER agent 106B sends the ULA to MME 104.
- FIG. 6 is a block diagram illustrating an exemplary DIAMETER agent according to an embodiment of the subject matter described herein.
- a DIAMETER agent such as DIAMETER agent 106, includes one or more network interfaces, such as network interfaces 600 and 604, a routing module 602, and a DIAMETER information hiding module 108 for implementing a topology hiding function. It will be understood that DIAMETER agent 106 may comprise additional components and is not limited to only the components shown in Figure 6.
- DIAMETER agent 106 receives a message, such as a DIAMETER Update Location Request (ULR) message, at a network interface such as network interface 600.
- the message is passed to the topology hiding module 108, which then determines if the message needs to be modified before being routed to its destination. In this example, the URL message is not modified, and it is then passed to routing module 602.
- Routing module 602 determines the appropriate destination of the message and routes it through a network interface such as network interface 604.
- DIAMETER agent 106 also receives a response message, such as a DIAMETER Update Location Answer (ULA) message, at a network interface 604.
- a response message such as a DIAMETER Update Location Answer (ULA) message
- the ULA is passed to DIAMETER information hiding module 108, which then determines the message needs to be modified to obscure the identity of the origin host.
- DHM 108 modifies the message accordingly and passes the modified ULA message to routing module 602. Routing module 602 then routes the message to its destination via network interface 600.
- DIAMETER information hiding module 108 and routing module 602 are shown here as distinct components of DIAMETER agent 106, DIAMETER information hiding module 108 and routing module may be integrated within the same chip or executed by the same processor.
- DIAMETER agent 106 may be any suitable node capable of receiving and forwarding DIAMETER signaling messages.
- DIAMETER agent 106 may be a DIAMETER signaling router that routes DIAMETER signaling messages based on DIAMETER information contained within the signaling messages.
- DIAMETER agent 106 may be, in addition to or instead of a DIAMETER signaling router, one or more of: a DIAMETER relay agent, a DIAMETER proxy agent, a DIAMETER redirect agent, or a DIAMETER translation agent, as described in IETF RFC 3588, the disclosure of which is incorporated herein by reference in its entirety.
- FIG. 7 is a flow chart illustrating an exemplary process for obscuring the identity of a DIAMETER node in a communication network according to an embodiment of the subject matter described herein.
- a DIAMETER agent having a topology hiding module 108 such as DIAMETER agent 106
- DIAMETER agent 106 routes the message to its intended destination, using routing module 602.
- FIG. 8A is a table containing exemplary stateful topology hiding data according to an embodiment of the subject matter described herein.
- a DIAMETER agent such as DIAMETER agent 106
- State information may include a session ID, may be maintained via reference to a subscriber's IMSI, or may be tracked through one of the many state-tracking mechanisms well known in the art.
- DIAMETER agent 106 may use this state information to resolve the appropriate destination node of additional communications involving the same subscriber, should they occur.
- a stateful implementation of the subject matter disclosed herein may include maintaining mapping information, as illustrated by the MME Hiding Data table in Figure 8A, which maps the association between a subscriber, e.g. "IMSI1", a session, e.g. "sessionl”, the DIAMETER host serving that subscriber, e.g. "MME1", the DIAMETER realm, e.g. "SPRINT.NET", and the virtual host identity, e.g. "MME-Public”.
- a DIAMETER agent 106 configured to obscure the topology of networks including elements such as MMEs will generally store state information, i.e. the relationship between a subscriber, an MME and a virtual host, that is generated dynamically.
- Figure 8B is a table containing exemplary stateless topology hiding data according to an embodiment of the subject matter described herein.
- a DIAMETER agent such as DIAMETER agent 106
- a stateless implementation of the subject matter disclosed herein may include maintaining mapping information, as illustrated by the HSS Hiding Data table in Figure 8B, which maps the association between a subscriber, e.g. "IMSI1", the DIAMETER host serving that subscriber, e.g. "HSS1", the DIAMETER realm, e.g.
- VZW.NET virtual host identity
- HSS- Public virtual host identity
- a DIAMETER agent 106 configured to obscure the topology of networks including elements such as HSSs will generally not store dynamically-created state information, as network elements such as HSSs are statically mapped, i.e. the same HSS will essentially always be the host that serves a particular subscriber. Therefore, given the relationship between a subscriber, an HSS and a virtual host essentially does not change, DIAMETER agent 106 may not need to track and store transaction information such as a session ID to accurately map a subscriber ID to an HSS and virtual host identity.
Abstract
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11792956.2A EP2577930B1 (fr) | 2010-06-06 | 2011-06-06 | Procédés, systèmes et supports lisibles par ordinateur de masquage d'informations de noeuds diameter dans un réseau de communications |
CN201180032307.4A CN103039049B (zh) | 2010-06-06 | 2011-06-06 | 用于在通信网络中遮蔽直径节点信息的方法、系统和计算机可读介质 |
KR1020127034449A KR101506232B1 (ko) | 2010-06-06 | 2011-06-06 | 통신 네트워크에서 다이어미터 노드 정보를 차폐하기 위한 방법, 시스템 및 컴퓨터 판독 가능한 기록매체 |
IN10349CHN2012 IN2012CN10349A (fr) | 2010-06-06 | 2011-06-06 |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US35192310P | 2010-06-06 | 2010-06-06 | |
US61/351,923 | 2010-06-06 | ||
US36736710P | 2010-07-23 | 2010-07-23 | |
US61/367,367 | 2010-07-23 |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2011156274A2 true WO2011156274A2 (fr) | 2011-12-15 |
WO2011156274A3 WO2011156274A3 (fr) | 2012-04-05 |
WO2011156274A4 WO2011156274A4 (fr) | 2012-05-24 |
Family
ID=45065328
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2011/039285 WO2011156274A2 (fr) | 2010-06-06 | 2011-06-06 | Procédés, systèmes et supports lisibles par ordinateur de masquage d'informations de nœuds diameter dans un réseau de communications |
Country Status (6)
Country | Link |
---|---|
US (1) | US9094819B2 (fr) |
EP (1) | EP2577930B1 (fr) |
KR (1) | KR101506232B1 (fr) |
CN (1) | CN103039049B (fr) |
IN (1) | IN2012CN10349A (fr) |
WO (1) | WO2011156274A2 (fr) |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8547908B2 (en) | 2011-03-03 | 2013-10-01 | Tekelec, Inc. | Methods, systems, and computer readable media for enriching a diameter signaling message |
US8615237B2 (en) | 2010-01-04 | 2013-12-24 | Tekelec, Inc. | Methods, systems, and computer readable media for policy and charging rules function (PCRF) node selection |
US8626157B2 (en) | 2010-02-11 | 2014-01-07 | Tekelec, Inc. | Methods, systems, and computer readable media for dynamic subscriber profile adaptation |
US8737304B2 (en) | 2011-03-01 | 2014-05-27 | Tekelec, Inc. | Methods, systems, and computer readable media for hybrid session based diameter routing |
US8825060B2 (en) | 2011-03-01 | 2014-09-02 | Tekelec, Inc. | Methods, systems, and computer readable media for dynamically learning diameter binding information |
US8918469B2 (en) | 2011-03-01 | 2014-12-23 | Tekelec, Inc. | Methods, systems, and computer readable media for sharing diameter binding data |
US8942747B2 (en) | 2011-02-04 | 2015-01-27 | Tekelec, Inc. | Methods, systems, and computer readable media for provisioning a diameter binding repository |
US9059948B2 (en) | 2004-12-17 | 2015-06-16 | Tekelec, Inc. | Methods, systems, and computer program products for clustering and communicating between internet protocol multimedia subsystem (IMS) entities and for supporting database access in an IMS network environment |
US20150257044A1 (en) * | 2012-07-06 | 2015-09-10 | Mobileum, Inc. | Steering of roaming in lte and legacy network environment |
US9148524B2 (en) | 2011-05-06 | 2015-09-29 | Tekelec, Inc. | Methods, systems, and computer readable media for caching call session control function (CSCF) data at a diameter signaling router (DSR) |
US9253163B2 (en) | 2011-12-12 | 2016-02-02 | Tekelec, Inc. | Methods, systems, and computer readable media for encrypting diameter identification information in a communication network |
US9668134B2 (en) | 2015-08-14 | 2017-05-30 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network protocol interworking and authentication proxying |
US9668135B2 (en) | 2015-08-14 | 2017-05-30 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network signaling protocol interworking for user authentication |
US9923984B2 (en) | 2015-10-30 | 2018-03-20 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial in user service (RADIUS) message loop detection and mitigation |
US9967148B2 (en) | 2015-07-09 | 2018-05-08 | Oracle International Corporation | Methods, systems, and computer readable media for selective diameter topology hiding |
EP3331215A1 (fr) * | 2010-12-16 | 2018-06-06 | Openet Telecom Ltd. | Procédés, systèmes et dispositifs de routage à base de contexte dynamique |
US10033736B2 (en) | 2016-01-21 | 2018-07-24 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial-in user service (radius) topology hiding |
US10084755B2 (en) | 2015-08-14 | 2018-09-25 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial in user service (RADIUS) proxy and diameter agent address resolution |
US10951519B2 (en) | 2015-06-17 | 2021-03-16 | Oracle International Corporation | Methods, systems, and computer readable media for multi-protocol stateful routing |
US11283883B1 (en) | 2020-11-09 | 2022-03-22 | Oracle International Corporation | Methods, systems, and computer readable media for providing optimized binding support function (BSF) packet data unit (PDU) session binding discovery responses |
US11558737B2 (en) | 2021-01-08 | 2023-01-17 | Oracle International Corporation | Methods, systems, and computer readable media for preventing subscriber identifier leakage |
US11570689B2 (en) | 2021-05-07 | 2023-01-31 | Oracle International Corporation | Methods, systems, and computer readable media for hiding network function instance identifiers |
US11627467B2 (en) | 2021-05-05 | 2023-04-11 | Oracle International Corporation | Methods, systems, and computer readable media for generating and using single-use OAuth 2.0 access tokens for securing specific service-based architecture (SBA) interfaces |
US11638155B2 (en) | 2021-05-07 | 2023-04-25 | Oracle International Corporation | Methods, systems, and computer readable media for protecting against mass network function (NF) deregistration attacks |
US11695563B2 (en) | 2021-05-07 | 2023-07-04 | Oracle International Corporation | Methods, systems, and computer readable media for single-use authentication messages |
US11888894B2 (en) | 2021-04-21 | 2024-01-30 | Oracle International Corporation | Methods, systems, and computer readable media for mitigating network function (NF) update and deregister attacks |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8750126B2 (en) | 2009-10-16 | 2014-06-10 | Tekelec, Inc. | Methods, systems, and computer readable media for multi-interface monitoring and correlation of diameter signaling information |
WO2011100600A2 (fr) | 2010-02-12 | 2011-08-18 | Tekelec | Procédés, systèmes et supports lisibles par ordinateur pour assurer un routage à priorité au niveau d'un nœud diameter |
IN2012CN06918A (fr) | 2010-02-12 | 2015-05-29 | Tekelec Inc | |
CN102986170B (zh) | 2010-06-15 | 2016-03-16 | 泰克莱克股份有限公司 | 用于在diameter网络中提供动态的基于起点的路由关键字登记的方法、系统和设备 |
US20120117260A1 (en) * | 2010-11-09 | 2012-05-10 | Infinite Convergence Solutions, Inc | Enhanced Diameter Gateway |
WO2012088497A1 (fr) | 2010-12-23 | 2012-06-28 | Tekelec | Procédés, systèmes et supports lisibles par ordinateur pour modifier un message de signalement de diamètre destiné à un nœud ayant une fonction de facturation |
US20130254830A1 (en) | 2012-03-22 | 2013-09-26 | Madhav Moganti | Apparatus and method for assuring communications of corporate users |
US20140068101A1 (en) * | 2012-09-04 | 2014-03-06 | Alcatel-Lucent Canada, Inc. | Received message context objects |
US20150058414A1 (en) * | 2012-05-29 | 2015-02-26 | Alcatel-Lucent Canada Inc. | Diameter interoperability facilitation |
US9253101B2 (en) * | 2012-10-17 | 2016-02-02 | Alcatel Lucent | Method and apparatus of group credit control for wireless networks |
US9319378B2 (en) | 2013-01-23 | 2016-04-19 | Tekelec, Inc. | Methods, systems, and computer readable media for using a diameter routing agent (DRA) to obtain mappings between mobile subscriber identification information and dynamically assigned internet protocol (IP) addresses and for making the mappings accessible to applications |
US9516102B2 (en) * | 2013-03-07 | 2016-12-06 | F5 Networks, Inc. | Server to client reverse persistence |
US10027580B2 (en) * | 2013-03-28 | 2018-07-17 | Oracle International Corporation | Methods, systems, and computer readable media for performing stateful diameter routing with diameter routing agents that use different mechanisms to achieve stateful routing |
EP3025480A1 (fr) * | 2013-07-24 | 2016-06-01 | Telefonaktiebolaget LM Ericsson (publ) | Déchargement d'informations d'état pour agents de diamètre |
GB2525637B (en) * | 2014-04-30 | 2021-03-31 | Metaswitch Networks Ltd | Message Processing |
CN105338511B (zh) * | 2014-06-25 | 2019-08-16 | 华为技术有限公司 | 网络拓扑隐藏方法和设备 |
CN105530183B (zh) * | 2014-09-30 | 2019-11-05 | 中兴通讯股份有限公司 | 响应消息的获取、响应消息的路由方法、装置及系统 |
US10554661B2 (en) | 2015-08-14 | 2020-02-04 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network session correlation for policy control |
US10637779B1 (en) * | 2018-10-16 | 2020-04-28 | Oracle International Corporation | Methods, systems, and computer readable media for diameter signaling message external identifier address resolution and routing |
US11381955B2 (en) | 2020-07-17 | 2022-07-05 | Oracle International Corporation | Methods, systems, and computer readable media for monitoring machine type communications (MTC) device related information |
KR102380259B1 (ko) * | 2020-11-20 | 2022-03-30 | 주식회사 윈스 | 모바일 코어망에서의 사용자 위치 정보 탈취를 위한 다이어미터 공격 탐지 방법 및 장치 |
CN112954625B (zh) * | 2021-03-02 | 2022-03-11 | 武汉绿色网络信息服务有限责任公司 | 信令传输方法、装置、设备及存储介质 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1848150A1 (fr) | 2006-04-20 | 2007-10-24 | NTT DoCoMo, Inc. | Procedé et appareil pour la dissimulation de la topologie de réseau de données. |
Family Cites Families (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US1872857A (en) | 1931-04-20 | 1932-08-23 | Peerless Handcuff Company | Police officer's shackle |
US6460036B1 (en) | 1994-11-29 | 2002-10-01 | Pinpoint Incorporated | System and method for providing customized electronic newspapers and target advertisements |
US5758257A (en) | 1994-11-29 | 1998-05-26 | Herz; Frederick | System and method for scheduling broadcast of and access to video programs and other data using customer profiles |
US6298383B1 (en) | 1999-01-04 | 2001-10-02 | Cisco Technology, Inc. | Integration of authentication authorization and accounting service and proxy service |
EP1873980B1 (fr) | 2002-01-21 | 2015-07-22 | SISVEL International S.A. | Élément d'interrogation en réseau pour un réseau de données IMS |
CN1643879B (zh) | 2002-03-27 | 2010-09-29 | 诺基亚西门子通信有限责任两合公司 | 用于在aaa服务器系统中更新信息的方法 |
ATE313201T1 (de) | 2002-04-22 | 2005-12-15 | Bedienerauswählender server, methode und system für die beglaubigung, ermächtigung und buchhaltung | |
US7283539B2 (en) | 2002-06-10 | 2007-10-16 | Airwide Solutions Inc. | Method and system for managing message-based applications and applications providers in a communications network |
KR100651716B1 (ko) | 2004-10-11 | 2006-12-01 | 한국전자통신연구원 | Diameter 기반 프로토콜에서 모바일 네트워크의부트스트랩핑 방법 및 그 시스템 |
WO2006102850A1 (fr) | 2005-03-30 | 2006-10-05 | Huawei Technologies Co., Ltd. | Procede et systeme de mise en oeuvre d'une commande de chemin |
US20060259759A1 (en) * | 2005-05-16 | 2006-11-16 | Fabio Maino | Method and apparatus for securely extending a protected network through secure intermediation of AAA information |
CN1964316A (zh) * | 2005-11-10 | 2007-05-16 | 华为技术有限公司 | 在分组网络中实现网络屏蔽的方法及系统 |
US20080010669A1 (en) * | 2006-04-28 | 2008-01-10 | Nokia Corporation | Hiding in Sh interface |
US8208930B2 (en) | 2006-06-21 | 2012-06-26 | Hewlett-Packard Development Company, L. P. | Message routing in a telecommunication system |
CN101480015A (zh) | 2006-07-03 | 2009-07-08 | 艾利森电话股份有限公司 | 移动代理的拓扑隐藏 |
CN101247321B (zh) | 2007-02-14 | 2012-07-04 | 华为技术有限公司 | 在基于直径协议的网络中进行路由诊断的方法、装置及系统 |
US8155128B2 (en) * | 2007-09-26 | 2012-04-10 | Alcatel Lucent | Method and apparatus for establishing and managing diameter associations |
EP2220841B1 (fr) | 2007-11-01 | 2011-09-28 | Telefonaktiebolaget LM Ericsson (publ) | Procédé et système pour corréler des sessions d'aaa |
US8218459B1 (en) * | 2007-12-20 | 2012-07-10 | Genbrand US LLC | Topology hiding of a network for an administrative interface between networks |
US20090165017A1 (en) * | 2007-12-24 | 2009-06-25 | Yahoo! Inc. | Stateless proportionally consistent addressing |
US8326263B2 (en) | 2007-12-27 | 2012-12-04 | Zte Corporation | Method for selecting policy and charging rules function |
CN101227391B (zh) | 2008-01-09 | 2012-01-11 | 中兴通讯股份有限公司 | 非漫游场景下策略和计费规则功能实体的选择方法 |
US9749404B2 (en) | 2008-04-17 | 2017-08-29 | Radware, Ltd. | Method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers |
US8249551B2 (en) | 2008-06-05 | 2012-08-21 | Bridgewater Systems Corp. | Long-term evolution (LTE) policy control and charging rules function (PCRF) selection |
US8615237B2 (en) | 2010-01-04 | 2013-12-24 | Tekelec, Inc. | Methods, systems, and computer readable media for policy and charging rules function (PCRF) node selection |
WO2011100166A2 (fr) | 2010-02-11 | 2011-08-18 | Tekelec | Procédés, systèmes et supports lisibles par ordinateur pour adaptation dynamique de profil d'abonné |
US8824370B2 (en) | 2010-12-16 | 2014-09-02 | Openet Telecom Ltd. | Methods, systems and devices for dynamic context-based routing |
US8880726B2 (en) | 2010-12-16 | 2014-11-04 | Openet Telecom Ltd. | Methods, systems and devices for dynamic context-based routing using a topology tree |
US8515392B2 (en) | 2010-12-16 | 2013-08-20 | Verizon Patent And Licensing Inc. | Self-subscription and self-reactivation to a network |
US9253163B2 (en) | 2011-12-12 | 2016-02-02 | Tekelec, Inc. | Methods, systems, and computer readable media for encrypting diameter identification information in a communication network |
-
2011
- 2011-06-06 CN CN201180032307.4A patent/CN103039049B/zh active Active
- 2011-06-06 IN IN10349CHN2012 patent/IN2012CN10349A/en unknown
- 2011-06-06 KR KR1020127034449A patent/KR101506232B1/ko active IP Right Grant
- 2011-06-06 EP EP11792956.2A patent/EP2577930B1/fr active Active
- 2011-06-06 WO PCT/US2011/039285 patent/WO2011156274A2/fr active Application Filing
- 2011-06-06 US US13/154,119 patent/US9094819B2/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1848150A1 (fr) | 2006-04-20 | 2007-10-24 | NTT DoCoMo, Inc. | Procedé et appareil pour la dissimulation de la topologie de réseau de données. |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9059948B2 (en) | 2004-12-17 | 2015-06-16 | Tekelec, Inc. | Methods, systems, and computer program products for clustering and communicating between internet protocol multimedia subsystem (IMS) entities and for supporting database access in an IMS network environment |
US9288169B2 (en) | 2004-12-17 | 2016-03-15 | Tekelec, Inc. | Methods, systems, and computer program products for clustering and communicating between internet protocol multimedia subsystem (IMS) entities and for supporting database access in an IMS network environment |
US8615237B2 (en) | 2010-01-04 | 2013-12-24 | Tekelec, Inc. | Methods, systems, and computer readable media for policy and charging rules function (PCRF) node selection |
US8626157B2 (en) | 2010-02-11 | 2014-01-07 | Tekelec, Inc. | Methods, systems, and computer readable media for dynamic subscriber profile adaptation |
EP3331215A1 (fr) * | 2010-12-16 | 2018-06-06 | Openet Telecom Ltd. | Procédés, systèmes et dispositifs de routage à base de contexte dynamique |
US8942747B2 (en) | 2011-02-04 | 2015-01-27 | Tekelec, Inc. | Methods, systems, and computer readable media for provisioning a diameter binding repository |
US8737304B2 (en) | 2011-03-01 | 2014-05-27 | Tekelec, Inc. | Methods, systems, and computer readable media for hybrid session based diameter routing |
US8825060B2 (en) | 2011-03-01 | 2014-09-02 | Tekelec, Inc. | Methods, systems, and computer readable media for dynamically learning diameter binding information |
US8918469B2 (en) | 2011-03-01 | 2014-12-23 | Tekelec, Inc. | Methods, systems, and computer readable media for sharing diameter binding data |
US8547908B2 (en) | 2011-03-03 | 2013-10-01 | Tekelec, Inc. | Methods, systems, and computer readable media for enriching a diameter signaling message |
US9148524B2 (en) | 2011-05-06 | 2015-09-29 | Tekelec, Inc. | Methods, systems, and computer readable media for caching call session control function (CSCF) data at a diameter signaling router (DSR) |
US9253163B2 (en) | 2011-12-12 | 2016-02-02 | Tekelec, Inc. | Methods, systems, and computer readable media for encrypting diameter identification information in a communication network |
US20150257044A1 (en) * | 2012-07-06 | 2015-09-10 | Mobileum, Inc. | Steering of roaming in lte and legacy network environment |
US10028174B2 (en) * | 2012-07-06 | 2018-07-17 | Mobileum, Inc. | Steering of roaming in LTE and legacy network environment |
US10951519B2 (en) | 2015-06-17 | 2021-03-16 | Oracle International Corporation | Methods, systems, and computer readable media for multi-protocol stateful routing |
US9967148B2 (en) | 2015-07-09 | 2018-05-08 | Oracle International Corporation | Methods, systems, and computer readable media for selective diameter topology hiding |
US9918229B2 (en) | 2015-08-14 | 2018-03-13 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network protocol interworking and authentication proxying |
US9930528B2 (en) | 2015-08-14 | 2018-03-27 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network signaling protocol interworking for user authentication |
US9668135B2 (en) | 2015-08-14 | 2017-05-30 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network signaling protocol interworking for user authentication |
US10084755B2 (en) | 2015-08-14 | 2018-09-25 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial in user service (RADIUS) proxy and diameter agent address resolution |
US9668134B2 (en) | 2015-08-14 | 2017-05-30 | Oracle International Corporation | Methods, systems, and computer readable media for providing access network protocol interworking and authentication proxying |
US9923984B2 (en) | 2015-10-30 | 2018-03-20 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial in user service (RADIUS) message loop detection and mitigation |
US10033736B2 (en) | 2016-01-21 | 2018-07-24 | Oracle International Corporation | Methods, systems, and computer readable media for remote authentication dial-in user service (radius) topology hiding |
US11283883B1 (en) | 2020-11-09 | 2022-03-22 | Oracle International Corporation | Methods, systems, and computer readable media for providing optimized binding support function (BSF) packet data unit (PDU) session binding discovery responses |
US11558737B2 (en) | 2021-01-08 | 2023-01-17 | Oracle International Corporation | Methods, systems, and computer readable media for preventing subscriber identifier leakage |
US11888894B2 (en) | 2021-04-21 | 2024-01-30 | Oracle International Corporation | Methods, systems, and computer readable media for mitigating network function (NF) update and deregister attacks |
US11627467B2 (en) | 2021-05-05 | 2023-04-11 | Oracle International Corporation | Methods, systems, and computer readable media for generating and using single-use OAuth 2.0 access tokens for securing specific service-based architecture (SBA) interfaces |
US11570689B2 (en) | 2021-05-07 | 2023-01-31 | Oracle International Corporation | Methods, systems, and computer readable media for hiding network function instance identifiers |
US11638155B2 (en) | 2021-05-07 | 2023-04-25 | Oracle International Corporation | Methods, systems, and computer readable media for protecting against mass network function (NF) deregistration attacks |
US11695563B2 (en) | 2021-05-07 | 2023-07-04 | Oracle International Corporation | Methods, systems, and computer readable media for single-use authentication messages |
Also Published As
Publication number | Publication date |
---|---|
EP2577930A4 (fr) | 2016-03-09 |
IN2012CN10349A (fr) | 2015-07-31 |
KR20130041844A (ko) | 2013-04-25 |
EP2577930B1 (fr) | 2020-05-27 |
KR101506232B1 (ko) | 2015-03-26 |
US9094819B2 (en) | 2015-07-28 |
WO2011156274A4 (fr) | 2012-05-24 |
CN103039049A (zh) | 2013-04-10 |
EP2577930A2 (fr) | 2013-04-10 |
US20110302244A1 (en) | 2011-12-08 |
WO2011156274A3 (fr) | 2012-04-05 |
CN103039049B (zh) | 2016-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9094819B2 (en) | Methods, systems, and computer readable media for obscuring diameter node information in a communication network | |
EP2681940B1 (fr) | Procédés, systèmes et support lisible par ordinateur pour enrichir un message de signalisation diameter | |
US8644355B2 (en) | Methods, systems, and computer readable media for modifying a diameter signaling message directed to a charging function node | |
US9253163B2 (en) | Methods, systems, and computer readable media for encrypting diameter identification information in a communication network | |
US10237721B2 (en) | Methods, systems, and computer readable media for validating a redirect address in a diameter message | |
US10027580B2 (en) | Methods, systems, and computer readable media for performing stateful diameter routing with diameter routing agents that use different mechanisms to achieve stateful routing | |
US9967148B2 (en) | Methods, systems, and computer readable media for selective diameter topology hiding | |
US8015293B2 (en) | Methods, systems, and computer program products for clustering and communicating between internet protocol multimedia subsystem (IMS) entities | |
RU2357378C2 (ru) | Способ и устройство для скрытия истинной идентификационной информации пользователя в системе связи | |
US8498286B2 (en) | Radius gateway on policy charging and rules function (PCRF) for wireline/wireless converged solution | |
US20170214691A1 (en) | Methods, systems, and computer readable media for remote authentication dial-in user service (radius) topology hiding | |
US9521077B2 (en) | Network connection via a proxy device using a generic access point name | |
WO2015169044A1 (fr) | Procédé, dispositif et système de liaison de sessions dans un scénario d'itinérance | |
US20160227394A1 (en) | Hiding Diameter Network Topology | |
CA3130666C (fr) | Traitement gtp-c distribue multicouche | |
US10104604B2 (en) | S9 roaming session destination selection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201180032307.4 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11792956 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10349/CHENP/2012 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011792956 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20127034449 Country of ref document: KR Kind code of ref document: A |